Fortinet Security Blog » windows 7 http://blog.fortinet.com Real Time Network Protection Wed, 08 Sep 2010 16:35:55 +0000 http://wordpress.org/?v=2.8.4 en hourly 1 ©Fortinet Product Marketing jleggio@fortinet.com (Fortinet Product Marketing) jleggio@fortinet.com(Fortinet Product Marketing) Fortinet Product Information 1440 forti-gate, anti-spam, anti-virus, fortigate The latest news and information about Fortinet products and services for Real Time Network Protection. Fortinet is a leading provider of Unified Threat Management (UTM) network security solutions for enterprise and service provider environments. The Fortinet FortiCast delivers news, information, and tutorials about products, services, and industry trends. Fortinet's FortiGate product line and FortiGuard security subscription services provide an array of integrated network security functions including antivirus, firewall, virtual private networking, intrusion prevention (IPS), web filtering, antispam and traffic optimization. Fortinet Product Marketing Fortinet Product Marketing jleggio@fortinet.com No no http://blog.fortinet.com/wp-content/uploads/2009/01/forticast-144x144.jpg Fortinet Security Blog http://blog.fortinet.com 144 144 Win7 remote DoS publicly disclosed http://blog.fortinet.com/win7-remote-dos-publicly-disclosed/ http://blog.fortinet.com/win7-remote-dos-publicly-disclosed/#comments Fri, 13 Nov 2009 14:53:10 +0000 DMaciejak http://blog.fortinet.com/?p=722 Laurent Gaffié disclosed on Nov. 11 on his blog a proof of concept written in Python. This occured just the morrow after the Black Tuesday, and seems the author does not follow responsible disclosure, and decided to publicly disclosed the code, as he disagreed with Microsoft’s answer (they wanted to delay the patch in a service pack rather than a Black Tuesday patch).

This piece of code (see Figure 1) has been verified to successfully remotely crash Microsoft Windows 7 and Windows 2008-R2. It is caused by sending a specially crafted NetBIOS header wrongly specifying the SMB (Server Message Block) packet size. No error messages dialog box nor evidence of the bug is recorded in the event logs, the computer just freezes.

win7code
Figure 1: code extract
Moreover, the issue occurs in pre-authentication stage so no credential is needed.

To trigger this issue, the victim must be trapped to open a Windows share, so just a link of type file://ip/something on an HTML page could do the trick. As of writing, no CVE number has been associated to this issue, however thanks to our IPS decoder signature, Fortinet customers are proactively protected with ¨NBSS.Invalid.Fragment¨ detection.

]]> http://blog.fortinet.com/win7-remote-dos-publicly-disclosed/feed/ 1